Careers

At CERT, we study and solve problems with widespread cybersecurity implications, research security vulnerabilities in software products, contribute to long-term changes in networked systems, and develop cutting-edge information and training to help improve cybersecurity.

We develop tools, products, and methods to help organizations conduct forensic examinations, analyze vulnerabilities, and monitor large-scale networks. We help organizations determine how effective their security-related practices are. And we share our work at conferences; in blogs, webinars, and podcasts; and through our many articles, technical reports, and white papers.

Our work environment is collaborative in nature as staff members work on cross-functional teams within the CERT Division, the Software Engineering Institute, other Carnegie Mellon departments, and across the global community. We also collaborate with high-level organizations, such as the U.S. Department of Defense and the Department of Homeland Security; law enforcement, including the FBI; the intelligence community; and many industry organizations.

Staff members say that one of the most satisfying aspects of working in the CERT Division "is being able to contribute to a global community that can impact the state of internet security."

Participate in technical efforts, including development and prototyping of new analysis techniques, tools, and platforms, preparation of analytic reports, and contributions to research publications

Be respected as a subject matter expert by customers, commercial vendors, and the Internet community as a whole

Be expected to appreciably advance the state of art of cybersecurity architectures

Minimum Qualifications and Requirements:

Education/Training/: Bachelor’s Degree in Computer Science or related scientific/technical field with ten (10) years experience in network operations, security operations, or network security research; Master’s Degree in Computer Science or related scientific/technical field with eight (8) years experience in network operations, security operations, or network security research; PhD in Computer Science or related discipline with two (2) years experience in network operations, security operations, or network security research; or equivalent combination of training and experience.

Professional Experience: Professional experience should include supporting technical decision-making, acquisition and management of large-scale enterprise network security or middleware systems. Experience with full life-cycle management, from costing, design, deployment, operation, maintenance, and retirement for enterprise scale systems is desired.

Physical Mobility: Primarily sedentary in an office setting with some mobility. Flexibility to travel to various locations within the SEI and CMU community, including sponsor sites, conferences, and meetings.

Mental: Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to participate in conversations collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to develop and communicate innovative ideas; ability to take leadership role in technical projects; ability to quickly learn new procedures, techniques, approaches, etc.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Skills/Abilities: Experience with: working with the government, or within a critical infrastructure sector; developing briefing materials for senior leadership within government or industry; deploying or supporting large-scale network security monitoring infrastructures; working with cloud platform delivery and service models; familiarity with distributed computing and/or big data platforms. Prior responsibility in managing a body of work consisting of numerous large scale projects and multiple customers/external sponsors. History of contributions to the broader industry or research community and experience in a variety of network security areas.

Accountability: The individual is accountable for: Active participation in the overall Situational Awareness R&D effort; Participating in the production of original publications in network security analysis; Participating in public speaking engagements, including at remote locations.

Direction: The individual is expected to act with minimal direction using CMU, SEI, CERT and Monitoring and Response defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual is expected to participate in the decision-making and problem-solving processes of basic requirements elicitation and validation participation in fundamental research in network security.

Supervisory Responsibilities: This position does not formally supervise others. However, the individual will act in a technical leadership or project lead role in regard to specific work products and activities both at CMU and at the customer site.

Job Functions and Responsibilities:

75% Leads support to the customer program office in the areas of strategy; process/policies; requirements elicitation; design and architecture; operations; outreach; and training.

15% Enable the transition and appropriate focus of NetSA analysis and engineering approaches and tools into operational environments.

Position Summary: The goal of the Enterprise Threat and Vulnerability Management (ETVM) team is to assist organizations in improving their security posture and incident response capability by researching technical threat areas; developing information security assessment methods and techniques; and providing information, solutions and training for preventing, detecting, and responding to illicit activity. ETVM team members are domain experts in insider threat and incident response, and team capabilities include threat analysis and modeling; development of security metrics and assessment methodologies; and creation and delivery of training, courses, and workshops.

The selected individual will participate in the examination, analysis, documentation, modeling, and assessment of insider threat and electronic (cyber) and physical crime activity and information security risks to critical infrastructure systems. The selected individual will analyze technical and behavioral issues (potential risk indicators (PRIs) of insiders, and examine privacy concerns regarding organizational practices for identifying and mitigating insider threats. The individual will work as a member of collaborative project teams in researching and implementing one or more projects composing these studies. This position will involve close work with customers from a variety of organizations, including government agencies and critical infrastructure providers.

MinimumQualifications and Requirements:

Education/Training: BS in computer science, software engineering, information systems, or a related technical field with three (3) years experience or equivalent; MS in computer science, software engineering, information systems, a related technical field, or an advanced degree in psychology or other field that will assist in insider threat behavioral identification.

Experience: Experience in research in a field relevant to insider threat (cyber and behavioral) or experience as a system/network administrator, information systems analyst, or behavioral psychologist.

strong oral and written communications skills and ability to interact effectively with technical and non-technical audiences, as well as present in front of small and large groups; participate in external customer and sponsor meetings

reasoning and problem-solving skills

ability to work independently with limited supervision

ability to recognize and deal appropriately with confidential and sensitive information

Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites & various critical infrastructure sites.

Environmental Conditions: Close contact with CRT for extended periods of time.

Mental:

ability and interest in addressing security issues in a holistic manner, addressing both organizational and technical policies and practices; as well as behavioral and organizational issues

ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities

ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in computer science, software engineering, information systems, or a related technical or behavioral field with at least one (1) years experience preferred; Knowledge of intellectual property or technology law. Certified Information Systems Security Professional (CISSP) or similar certification is desired.

Licenses:

Insider Threat Vulnerability Assessor Certificate

Insider Threat Program Manager Certificate

Experience:

experience working in or with the DOD, intelligence community, or law enforcement in a classified environment

experience in both physical and cyber security; experience in auditing or conducting assessments

experience performing insider threat vulnerability assessments

experience performing insider threat program evaluations

working in a team environment on collaborative projects in critical infrastructure sectors involving network, system or data security

experience working with law enforcement and the intelligence community

Skills/Abilities:

working knowledge of network security/survivability

demonstrated ability to prepare papers and presentations for technical and non-technical audiences

knowledge of and experience with sound software engineering practices and best practices for information security

working knowledge of systems dynamic modeling techniques and modeling applications and tools

experience with statistical techniques

project management experience

leadership and mentoring skills

Accountability: The individual will implement and participate in the planning and execution of projects leading to technical results (this may include the detailed examination and analysis of law enforcement or classified case files). The individual will also contribute to project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and CERT’s defined policies, practices, and procedures – within the scope of assigned work, and to adhere to any additional sponsor-specified requirements related to the projects involved..

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at critical infrastructure locations and immediately assess potential vulnerabilities requiring further investigation.

Supervisory Responsibilities: This position could involve the training and supervision of graduate students as well as serve in a mentor role for new employees.

30% Participate in the development and delivery of security analysis and risk assessment approaches with customers and partners; participate in research, analysis, and documentation of physical/cyber security vulnerabilities at critical infrastructure sites.

10% Contribute to conferences and meetings; participate in marketing calls on clients; give talks, lectures and workshops as appropriate

Position Summary: The goal of the Enterprise Threat and Vulnerability Management (ETVM) team is to assist organizations in improving their security posture and incident response capability by researching technical threat areas; developing information security assessment methods and techniques; and providing information, solutions and training for preventing, detecting, and responding to illicit activity. ETVM team members are domain experts in insider threat and incident response, and team capabilities include threat analysis and modeling; development of security metrics and assessment methodologies; and creation and delivery of training, courses, and workshops.

The selected individual will participate in the examination, analysis, documentation, modeling, and assessment of insider threat and electronic (cyber) and physical crime activity and information security risks to critical infrastructure systems. The selected individual will analyze technical and behavioral issues (potential risk indicators (PRIs) of insiders, and examine privacy concerns regarding organizational practices for identifying and mitigating insider threats. The individual will work as a member of collaborative project teams in researching and implementing one or more projects composing these studies. This position will involve close work with customers from a variety of organizations, including government agencies and critical infrastructure providers.

MinimumQualifications and Requirements:

Education/Training: BS in computer science, software engineering, information systems, or a related technical field with eight (8) years’ experience or equivalent; MS in computer science, software engineering, information systems, a related technical field, or an advanced degree in psychology or other field that will assist in insider threat behavioral identification.

Experience: Experience in research in a field relevant to insider threat (cyber and behavioral) or experience as a system/network administrator, information systems analyst, or behavioral psychologist.

strong oral and written communications skills and ability to interact effectively with technical and non-technical audiences, as well as present in front of small and large groups; participate in external customer and sponsor meetings

reasoning and problem-solving skills

ability to work independently with limited supervision

ability to recognize and deal appropriately with confidential and sensitive information

Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites & various critical infrastructure sites.

Environmental Conditions: Close contact with CRT for extended periods of time.

Mental:

ability and interest in addressing security issues in a holistic manner, addressing both organizational and technical policies and practices; as well as behavioral and organizational issues

ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities

ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in computer science, software engineering, information systems, or a related technical or behavioral field with at least five (5) years’ experience preferred; Knowledge of intellectual property or technology law. Certified Information Systems Security Professional (CISSP) or similar certification is desired.

Licenses:

Insider Threat Vulnerability Assessor Certificate

Insider Threat Program Manager Certificate

Experience:

experience working in or with the DOD, intelligence community, or law enforcement in a classified environment

experience in both physical and cyber security; experience in auditing or conducting assessments

experience performing insider threat vulnerability assessments

experience performing insider threat program evaluations

working in a team environment on collaborative projects in critical infrastructure sectors involving network, system or data security

experience working with law enforcement and the intelligence community

Skills/Abilities:

working knowledge of network security/survivability

demonstrated ability to prepare papers and presentations for technical and non-technical audiences

knowledge of and experience with sound software engineering practices and best practices for information security

working knowledge of systems dynamic modeling techniques and modeling applications and tools

experience with statistical techniques

project management experience

leadership and mentoring skills

Accountability: The individual will implement and participate in the planning and execution of projects leading to technical results (this may include the detailed examination and analysis of law enforcement or classified case files). The individual will also contribute to project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and CERT’s defined policies, practices, and procedures – within the scope of assigned work, and to adhere to any additional sponsor-specified requirements related to the projects involved..

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at critical infrastructure locations and immediately assess potential vulnerabilities requiring further investigation.

Supervisory Responsibilities: This position will involve the training and supervision of graduate students as well as serve in a mentor role for new employees.

30% Participate in the development and delivery of security analysis and risk assessment approaches with customers and partners; participate in research, analysis, and documentation of physical/cyber security vulnerabilities at critical infrastructure sites.

10% Contribute to conferences and meetings; participate in marketing calls on clients; give talks, lectures and workshops as appropriate

Position Summary: The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania and Arlington, Virginia. The CERT Program engages in cutting-edge research and development to improve the state of cybersecurity. As a Senior Information Security Engineer, you have a background in cybersecurity policy and governance.

You are self-directed, have a track record of creating interdisciplinary approaches to problem solving, and demonstrate exceptionally strong presentation and writing skills. You are able to interact with clients and staff of all levels in a highly professional and competent manner. You enjoy the flexibility of an organization that values hard work but appreciates work-life balance and professional development. In your role, you will

shape National and organizational policy

analyze and measure effectiveness of policy and governance

develop roadmaps for improvement of cybersecurity capabilities

participate in standards making bodies

assist in implementation of policy and governance

participate in applied research

Minimum Qualifications and Requirements:

Education/Training: BS or BA in relevant field with ten (10) years of experience; MS in relevant field with eight (8) years of experience

Experience: Eight (8) to ten (10) years of experience in information security policy, governance, or leadership. Other potential career backgrounds include: audit, IT security, compliance, or similar technical occupation.

Experience with and substantial knowledge of;

cybersecurity concepts and technical implementations

cybersecurity standards, policies, and frameworks

strategic planning

metrics and measurements methodologies

Travel: Up to 25% travel to various customer locations

Physical Mobility: Primarily sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites

20% Participate in research into innovative and cutting-edge tools, techniques, and methods to improve cyber security, policy/governance, and resilience; transition research into applied knowledge for customers.

5% Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

Position Summary: The CERT Program is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania and Arlington, Virginia. The CERT Program engages in cutting-edge research and development to improve the state of cybersecurity. As an Information Security Junior Engineer, you have a strong desire and drive to contribute to team and customer objectives.

You are a team player with problem-solving skills and demonstrate solid presentation and writing skills. You are able to interact with clients and staff in a highly professional and competent manner. You enjoy the flexibility of an organization that values hard work but appreciates work-life balance and professional development. In your role, you will

Research and contribute to improvements in National and organizational policy

analyze and measure effectiveness of policy and governance

contribute to roadmaps for improvement of cybersecurity capabilities

assist in implementation of policy and governance

participate in applied research

Minimum Qualifications and Requirements:

Education/Training: BS or BA in relevant field or equivalent experience in professional position

ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities

ability to collaborate diplomatically and successfully with customers, co-workers and other professional colleagues, managers, and staff.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Job Functions or Responsibilities:

70% Participate as a team member in customer engagement to develop, analyze, and implement cybersecurity policy.

15% Participate in research into innovative and cutting-edge tools, techniques, and methods to improve cyber security, policy/governance, and resilience; transition research into applied knowledge for customers.

5% Support conferences, workshops, and meetings as a team contributor.

Position Summary: As a member of CERT's Workforce Development program, the candidate will work with other team members in developing cyber-security training exercises and simulations, primarily for US military/government customers. This involves interacting directly with customers, gathering training requirements and objectives, producing and facilitating creative and engaging exercise scenarios, and building supporting physical and virtualized systems and network topologies. As such, the candidate will work regularly with a wide range of software and hardware technologies within CERT labs. The candidate may also assist in developing and teaching cyber security training content to external customers. The candidate will also be involved software and hardware prototype development. Additionally, the position requires the candidate to have demonstrated and effective leadership/management abilities as he/she may supervise and evaluate full time direct reports as well as the activities of graduate student assistants. The successful candidate must be self-directed, have an interdisciplinary approach to problem solving, and work well communicating technical information to technical and non-technical users. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

MinimumQualifications and Requirements:

Education/Training: Bachelor’s degree in Computer Science, Information Science, or related discipline with eight (8) years applicable working experience in information technology, Master’s degree in Computer Science, Information Science, or related discipline with five (5) years of applicable working experience in information technology, PhD Computer Science, Information Science, or related discipline with two (2) years of applicable working experience in information technology, or equivalent combination of training or experience.

Experience: Successful candidates must possess "hands-on" experience with Computer/Network Security and I.T. system and network administration. Additionally, he/she must have practical experience with Windows server and desktop platforms and Linux/Unix operating systems. The candidate must have experience in network design and troubleshooting and implementing standard networking protocols. Additionally, demonstrated practical experience working with common commercial and open-source cyber security tools is required. The candidate should have some experience teaching technical content to students, peers, and non-technical individuals and must enjoy doing so.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, strong analytical and information organization skills, excellent oral and written communication skills, and strong technical teaching skills. Candidate must be able to multitask and work effectively with multiple project teams and sponsors/customers. Experience with virtualization technologies, particularly VMWare ESX server is highly desired. Programming experience in C, C++, C#, Python, and Java is also highly desirable.

Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Accountability: The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products and may manage unclassified/classified DoD projects in excess of $3M annually.

Direction: The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions: The incumbent must use good judgment to solve customer and personnel problems and is required to envision, design, develop, pilot, and deliver new capabilities, products, and services. Candidate will also be required to accurately represent SEI/CERT and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities:The incumbent may have at least 2 direct reports as well as up to 15 secondary reports and will be required to provide performance management, career guidance, and take personnel corrective actions as required.

Position Summary: The CERT Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. CERT engages in cutting-edge research and development in computer security. The CERT Security Automation Directorate helps large network operators and security organizations in the USG distill actionable insights from networks through strategic analysis, tool building, and systems development.

As a member of the Deployment Team, the selected candidate will be responsible for maintaining and evolving a network security test bed used for prototyping and systems analysis. The selected candidate must be capable of administering commodity systems as well as operating specialized networking equipment and hardware. As required, the candidate will support operational users and developer project teams.

MinimumQualifications and Requirements:

Education/Training: BS in computer science, software engineering, computer engineering, or a related quantitative field of study with eight (8) years of applicable experience.

Experience: Applicable experience in the design, implementation, and operation of commercial and open source applications including experience in:

System design including services, messaging, scalability, etc.

Scripting (Python, Ruby, Perl).

System administration, monitoring, and automation in Unix/Linux.

Skills/Abilities:

Ability to evaluate and compare various solutions to identify benefits and constraints.

Excellent written and verbal communication skills.

Excellent reasoning and problem-solving skills.

Ability to work effectively without close supervision.

Ability to collaborate with customers and external parties.

Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel up to 20% to customer sites.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; ability to quickly learn new procedures, techniques, approaches, etc.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in computer science, software engineering, computer engineering, or a related quantitative field of study with five (5) years of applicable experience.

Experience:

Knowledge of Security Operations including log/event management and data analysis techniques. ▪ Working in production computing environment using development and operational support tools like JIRA, Bitbucket, and Confluence.

Designing and operating environments that include Unix/Linux, Windows, virtualization, and networking hardware.

Experience using traffic generators to support evaluation and testing functions.

Direction: The individual is expected to act independently using CMU, SEI, and NSS defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual is expected to participate in the decision-making and problem-solving processes of operating, maintaining and implementing a prototype network environment.

Supervisory Responsibilities: This position does not formally supervise others. However, the individual may act in a technical leadership (non-supervisory) role in regard to specific work products and activities, or in regard to student interns, etc.

Job Functions or Responsibilities:

45% Manage the hardware and software of a prototype network security test-bed to include all appropriate system administration tasks and processes; provision for new requirements and growth.

Position Summary: The CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.

The individual in this position will work as a member of the Enterprise Threat and Vulnerability Management (ETVM) team, which focuses on assisting organizations in improving their insider threat mitigation and incident management practices and developing capabilities for preventing, detecting, deterring, and responding to evolving insider threats. ETVM team members are domain experts in insider threat and incident response, and team capabilities include threat analysis and modeling; development of security metrics and assessment and evaluation methodologies; and creation and delivery of controls, training, courses, and workshops.

The individual in this position will be a part of the Technical Solutions team within ETVM. The Technical Solutions Team is responsible for the creation, development, and management of novel cybersecurity solutions that support customer driven operational and research missions. The Technical Solutions Team interacts with US Government departments and agencies, industry representatives, contractors, academia and others to identify gaps in cybersecurity tools, techniques, and procedures; create prototype capabilities to fill the gaps, and transition the prototype solutions to customers and partner organizations. The team frequently communicates their work to the community by publishing technical reports and white papers, and presenting at conferences, symposia, and other working groups.

Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, information systems, or a related technical field with three (3) years of experience or equivalent, or MS in computer science, software engineering, information systems, or a related technical field with one (1) year of experience or equivalent.

strong oral and written communications skills (e.g., technical writing, user guide development, requirements analysis) and ability to interact effectively with technical and non-technical audiences, as well as present in front of small and large groups; participate in external customer and sponsor meetings.

ability to travel to various locations within the SEI and CMU community, customer sites, and offsite meetings with weekly/monthly frequency to travel on overnight and on-site assignments; ability to work in varied and diverse situations requiring analytical, interpretative, evaluative and constructive thinking;

manage workload and priorities on multiple scheduled assessments;

able to function independently or in teams depending on the project;

work under pressure; deal with stress;

deal with challenging individuals while maintaining composure;

ability to exercise tact and discretion when handling highly sensitive and confidential issues;

maintain confidentiality while working with highly confidential and sensitive matters.

ability to interpret and communicate information about government regulations and university policies.

quantitative and qualitative analytical skills.

ability to trouble shoot problems proactively and to answer questions and handle issues as they arise.

effective time management skills; and strong problem solving skills.

Environmental Conditions: close contact with computer monitor for extended periods of time.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science with one (1) years applicable experience; Current Associate Certified Information System Security Profession (CISSP), IEEE Professional Software Engineering Master Certification, or similar certification is desired.

Experience:

experience with software development and/or system administration in large-scale, distributed computing environments.

experience developing materials for senior leadership in government or industry.

experience interfacing with the DOD, US federal civilian government, intelligence community, or law enforcement.

experience working in a classified environment.

Skills/Abilities:

data mining.

machine learning.

text and natural language processing.

proven skills working in a team environment on collaborative projects in US government, critical infrastructure sectors involving network, system or data security.

Accountability: The individual will be accountable for meeting established deadlines and project milestones. The individual will also be accountable for managing sensitive, and possibly classified, customer information.

Direction: The individual is expected to act in accordance with direct supervision from management and senior staff, as well as follow CMU, SEI, and CERT defined policies, practices, and procedures, and to adhere to any additional sponsor-specified requirements related to the projects involved.

Decisions:The individual must make sound decisions, and demonstrate a commitment to those decisions. The individual must also be able to escalate out-of-scope problems to more experienced team members. The individual must accurately represent the program in interactions with external customers, sponsors, and the public.

Supervisory Responsibilities: The individual may be responsible for managing student interns.

10% Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

5% Provide assistance and input to other teams and projects within the SEI.

Position Summary: The CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.

The individual in this position will work as a member of the Cybersecurity Assurance (CA) Team within the Networked Systems Survivability Program. The CA team develops solutions (in the form of frameworks, models, tools, policies, practices, technical guidance, and training) that allow organizations to assess, analyze, and manage organizational, operational, and technical risks to mission-critical assets, processes, systems, and infrastructures.

Excellent written and oral communication skills; ability to contribute to technical research white papers and reports; ability to prepare papers and deliver presentations to technical and non-technical audiences; ability to contribute to customer technical exchanges and marketing presentations

Ability to work on customer sites with high-ranking members of the Federal Government and US

Participation in professional society activities, particularly IEEE and ACM

Physical/Mobility: Primarily sedentary in an office setting with some mobility. Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Strong interest in the human, managerial, and technical aspects of cyber security is critical for this position as are these abilities:

Take or share leadership role in technical projects

Work meticulously with careful attention to detail

Meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities

Deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff

Ability to understand the direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.

Other: Must be able to work independently and travel as needed; this position requires frequent solo travel by car to customer sites in remote areas. Strong interest in cyber security and critical infrastructure protection analysis basis research, applied research, and development. Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information. Candidates must be able to obtain and maintain a Department of Defense security clearance.

Accountability: The individual will implement and participate in the planning and execution of projects leading to technical results. The individual will also contribute to project, department, or program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and NSS defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at customer locations and immediately assess potential vulnerabilities requiring further investigation.

Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, resident affiliates, visiting scientists, and independent contractors. Depending on research project or customer work plan, position may involve task leadership.

5% Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

5% Contribute to and review the literature in cyber security, resilience, and software engineering.

5% Provide assistance and input to other teams and projects within the SEI.

Position Summary: Join us at the Software Engineering Institute at Carnegie Mellon University, home of CERT. Our team uses statistics and machine learning to influence our national cybersecurity strategy and protect our nation against cyber-related threats. A sampling of our current projects include:

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Physical Mobility: Normally sedentary position with some mobility; able to travel to various SEI locations; may require some bending, stretching, pushing as well as lifting several reams of paper; dexterity to operate formal document assembly equipment.

Environmental Conditions: Usual office setting; close contact with CRT for long periods of time.

Mental: Ability to handle multiple tasks simultaneously; ability to successful complete task under inflexible time and quality pressure; ability to remain calm and composed when dealing with difficult people, situations, and frequent interruptions.

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran.

Position Summary: Work with elite cybersecurity experts and university faculty to build new data mining technologies that will influence the national strategy against cyber attacks in the coming decades. Projects may include developing metrics and experimental designs for large-scale cybersecurity research programs, researching human-in-the-loop machine learning, and analyzing cybersecurity incident data. You will co-author research proposals, execute studies, and present findings to DoD sponsors and academic conferences. Consider applying for this position if you are a proven computer science expert with a firm grasp of security principles and statistical theory.

Minimum Qualifications and Requirements:

Education/Training: Background in machine learning, security, statistics, or related quantitative field with a Bachelor’s degree and three (3) years of experience; Master’s degree and one (1) year of experience.

Skills/Abilities: An ideal candidate will have expertise in the following areas. Experience with specific methods is less important than evidence that you can learn.

Experience supporting test and evaluation for large-scale government research programs is a plus

Decisions: The individual must be able to make decisions about the proper scope of assigned research. This includes being able to discern applicable paper topics, making decisions regarding experimental design and methods, and exercising strong time management skills. The individual must accurately represent the program in interactions with customers, sponsors, and the public.

Supervisory Responsibilities: This position may involve the training and supervision of graduate students and junior employees.

Job Functions or Responsibilities:

40% Data analysis & data analysis tool development.

25% Other types of research support including designing experiments and metrics.

15% Participating in the research community, including attending and presenting at conferences, and reading and writing academic papers.

Position Summary: The CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.

The individual in this position will work as a member of the Enterprise Threat and Vulnerability Management (ETVM) team, which focuses on assisting organizations in improving their insider threat mitigation and incident management practices and developing capabilities for preventing, detecting, deterring, and responding to evolving insider threats. ETVM team members are domain experts in insider threat and incident response, and team capabilities include threat analysis and modeling; development of security metrics and assessment and evaluation methodologies; and creation and delivery of controls, training, courses, and workshops.

The individual in this position will be a part of the Technical Solutions team within ETVM. The Technical Solutions Team is responsible for the creation, development, and management of novel cybersecurity solutions that support customer driven operational and research missions. The Technical Solutions Team interacts with US Government departments and agencies, industry representatives, contractors, academia and others to identify gaps in cybersecurity tools, techniques, and procedures; create prototype capabilities to fill the gaps, and transition the prototype solutions to customers and partner organizations. The team frequently communicates their work to the community by publishing technical reports and white papers, and presenting at conferences, symposia, and other working groups.

Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, information systems, or a related technical field with eight (8) years of experience or equivalent, or MS in computer science, software engineering, information systems, or a related technical field with five (5) years of experience or equivalent.

strong oral and written communications skills (e.g., technical writing, user guide development, requirements analysis) and ability to interact effectively with technical and non-technical audiences, as well as present in front of small and large groups; participate in external customer and sponsor meetings.

ability to travel to various locations within the SEI and CMU community, customer sites, and offsite meetings with weekly/monthly frequency to travel on overnight and on-site assignments; ability to work in varied and diverse situations requiring analytical, interpretative, evaluative and constructive thinking;

manage workload and priorities on multiple scheduled assessments;

able to function independently or in teams depending on the project;

work under pressure; deal with stress;

deal with challenging individuals while maintaining composure;

ability to exercise tact and discretion when handling highly sensitive and confidential issues;

maintain confidentiality while working with highly confidential and sensitive matters.

ability to interpret and communicate information about government regulations and university policies.

quantitative and qualitative analytical skills.

ability to trouble shoot problems proactively and to answer questions and handle issues as they arise.

effective time management skills; and strong problem solving skills.

Environmental Conditions: close contact with computer monitor for extended periods of time.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science with five (5) years applicable experience; Current Associate Certified Information System Security Profession (CISSP), IEEE Professional Software Engineering Master Certification, or similar certification is desired.

Experience:

experience with software development and/or system administration in large-scale, distributed computing environments.

experience developing materials for senior leadership in government or industry.

experience interfacing with the DOD, US federal civilian government, intelligence community, or law enforcement.

experience working in a classified environment.

Skills/Abilities:

data mining.

machine learning.

text and natural language processing.

proven skills working in a team environment on collaborative projects in US government, critical infrastructure sectors involving network, system or data security.

Accountability: The individual will be accountable for meeting established deadlines and project milestones. The individual will also be accountable for managing sensitive, and possibly classified, customer information.

Direction: The individual is expected to act in accordance with direct supervision from management and senior staff, as well as follow CMU, SEI, and CERT defined policies, practices, and procedures, and to adhere to any additional sponsor-specified requirements related to the projects involved.

Decisions:The individual must make sound decisions, and demonstrate a commitment to those decisions. The individual must also be able to escalate out-of-scope problems to more experienced team members. The individual must accurately represent the program in interactions with external customers, sponsors, and the public.

Supervisory Responsibilities: The individual may be responsible for managing student interns.

10% Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

5% Provide assistance and input to other teams and projects within the SEI.

Position Summary: Work with elite cybersecurity experts and university faculty to build new data mining technologies that will influence the national strategy against cyber attacks in the coming decades. Projects may include developing metrics and experimental designs for large-scale cybersecurity research programs, researching human-in-the-loop machine learning, and analyzing cybersecurity incident data. You will co-author research proposals, execute studies, and present findings to DoD sponsors and academic conferences. Consider applying for this position if you are a proven computer science expert with a firm grasp of security principles and statistical theory.

Minimum Qualifications and Requirements:

Education/Training: Background in machine learning, security, statistics, or related quantitative field with a Bachelor’s degree and eight (8) years of experience; Master’s degree and five (5) years of experience; PhD and two (2) years of experience; or equivalent combination of training and experience.

Experience: Two plus (2+) years of experience.

Skills/Abilities: An ideal candidate will have expertise in the following areas. Experience with specific methods is less important than evidence that you can learn.

Experience supporting test and evaluation for large-scale government research programs is a plus

Decisions: The individual must be able to make decisions about the proper scope of assigned research. This includes being able to discern applicable paper topics, making decisions regarding experimental design and methods, and exercising strong time management skills. The individual must accurately represent the program in interactions with customers, sponsors, and the public.

Supervisory Responsibilities: This position may involve the training and supervision of graduate students and junior employees.

Job Functions or Responsibilities:

40% Data analysis & data analysis tool development.

25% Other types of research support including designing experiments and metrics.

15% Participating in the research community, including attending and presenting at conferences, and reading and writing academic papers.

Position Summary: The Vulnerability Analysis Team, within the CERT Program’s CERT Coordination Center (CERT/CC), is a group of internet security experts that serve as a trusted and neutral coordination body, dedicated to remediating software vulnerabilities and providing practical guidance for customers, system administrators, security researchers, and the global internet security community to reduce the amount of time software systems are vulnerable.

The individual in this position must be self-motivated and will have the opportunity to serve as a strong contributor and technical leader in the analysis, coordination, and remediation of software vulnerabilities.

Minimum Qualifications and Requirements:

Education: Bachelor of Science in Computer Science, Information Science, Information Management with three (3) years applicable experience as a system or network administrator, software developer, database administrator or similarly technical occupation; or Master of Science in Computer Science, Information Science or Information or equivalent with one year applicable experience. We will consider other educational backgrounds in a technical discipline with experience as described.

Experience: Candidates should have experience working with the government community; at least three years of experience in a Windows and Unix/Linux environment and be able to demonstrate substantial knowledge of at least four of the following:

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: Master of Science in Computer Science, Information Science or Information or equivalent with one year applicable experience; or Ph.D in Computer Science, Information Science or Information. We will consider other educational backgrounds in a technical discipline with experience as described.

Experience: Ideal candidates will have substantial experience in two or more of the following areas:

industrial/process control systems

web application development

computer and network architecture

reverse engineering

software development

computer and network architecture

network security and survivability issues, to include knowledge of and experience with information security concepts, information security best practices and bodies of knowledge, and computer security incident response management

Accountability: Develop and implement project technical results. Contribute to program objectives and plans development. Keep in confidence sensitive information such as security, vulnerability, and site-specific information.

Direction: Regular interaction with supervisor. Expected to act in accordance with SEI and CERT program procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions: Must accurately represent the program in interactions with customers, sponsors, and the public. Participate in conferences and workshops where security-related issues are discussed as required.

Supervisory Responsibilities: Contributes to hiring decisions of program staff; appraises performance of support staff.

Job Functions or Responsibilities:

40% Analyze vulnerability reports using tools, processes, and techniques designed to provide fact-based analysis to other stakeholders in the vulnerability disclosure process.

20% Research, specify, and develop new tools, processes and techniques to improve vulnerability analysis methodology and to support interaction with stakeholders.

This position has multiple openings and can be located in Pittsburgh, PA, Arlington, VA, or Fort George G. Meade.

Position Summary: As a member of CERT's Workforce Development program, the candidate will work with other team members in developing cyber-security training exercises and simulations, primarily for US military/government customers. This involves interacting directly with customers, gathering training requirements and objectives, producing and facilitating creative and engaging exercise scenarios, and building supporting physical and virtualized systems and network topologies. As such, the candidate will work regularly with a wide range of software and hardware technologies within CERT labs. The candidate may also assist in developing and teaching cyber security training content to external customers. The candidate will also be involved software and hardware prototype development. Additionally, the position requires the candidate to have demonstrated and effective leadership/management abilities as he/she may supervise and evaluate full time direct reports as well as the activities of graduate student assistants. The successful candidate must be self-directed, have an interdisciplinary approach to problem solving, and work well communicating technical information to technical and non-technical users. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

MinimumQualifications and Requirements:

Education/Training: Bachelor’s degree in Computer Science, Information Science, or related discipline with three (3) years applicable working experience in information technology, Master’s degree in Computer Science, Information Science, or related discipline with one (1) years of applicable working experience in information technology, or equivalent combination of training or experience.

Experience: Successful candidates must possess "hands-on" experience with Computer/Network Security and I.T. system and network administration. Additionally, he/she must have practical experience with Windows server and desktop platforms and Linux/Unix operating systems. The candidate must have experience in network design and troubleshooting and implementing standard networking protocols. Additionally, demonstrated practical experience working with common commercial and open-source cyber security tools is required. The candidate should have some experience teaching technical content to students, peers, and non-technical individuals and must enjoy doing so.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, strong analytical and information organization skills, excellent oral and written communication skills, and strong technical teaching skills. Candidate must be able to multitask and work effectively with multiple project teams and sponsors/customers. Experience with virtualization technologies, particularly VMWare ESX server is highly desired. Programming experience in C, C++, C#, Python, and Java is also highly desirable.

Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Accountability: The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products and may manage unclassified/classified DoD projects in excess of $3M annually.

Direction: The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions: The incumbent must use good judgment to solve customer and personnel problems and is required to envision, design, develop, pilot, and deliver new capabilities, products, and services. Candidate will also be required to accurately represent SEI/CERT and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities: The incumbent may have at least 2 direct reports as well as up to 15 secondary reports and will be required to provide performance management, career guidance, and take personnel corrective actions as required.

This position has multiple openings and can be located in Pittsburgh, PA, Arlington, VA or Fort George G. Meade.

Position Summary: As a member of CERT's Workforce Development program, the candidate will work with other team members in developing cyber-security training exercises and simulations, primarily for US military/government customers. This involves interacting directly with customers, gathering training requirements and objectives, producing and facilitating creative and engaging exercise scenarios, and building supporting physical and virtualized systems and network topologies. As such, the candidate will work regularly with a wide range of software and hardware technologies within CERT labs. The candidate may also assist in developing and teaching cyber security training content to external customers. The candidate will also be involved software and hardware prototype development. Additionally, the position requires the candidate to have demonstrated and effective leadership/management abilities as he/she may supervise and evaluate full time direct reports as well as the activities of graduate student assistants. The successful candidate must be self-directed, have an interdisciplinary approach to problem solving, and work well communicating technical information to technical and non-technical users. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

MinimumQualifications and Requirements:

Education/Training: Bachelor’s degree in Computer Science, Information Science, or related discipline with eight (8) years applicable working experience in information technology, Master’s degree in Computer Science, Information Science, or related discipline with five (5) years of applicable working experience in information technology, PhD Computer Science, Information Science, or related discipline with two (2) years of applicable working experience in information technology, or equivalent combination of training or experience.

Experience: Successful candidates must possess "hands-on" experience with Computer/Network Security and I.T. system and network administration. Additionally, he/she must have practical experience with Windows server and desktop platforms and Linux/Unix operating systems. The candidate must have experience in network design and troubleshooting and implementing standard networking protocols. Additionally, demonstrated practical experience working with common commercial and open-source cyber security tools is required. The candidate should have some experience teaching technical content to students, peers, and non-technical individuals and must enjoy doing so.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, strong analytical and information organization skills, excellent oral and written communication skills, and strong technical teaching skills. Candidate must be able to multitask and work effectively with multiple project teams and sponsors/customers. Experience with virtualization technologies, particularly VMWare ESX server is highly desired. Programming experience in C, C++, C#, Python, and Java is also highly desirable.

Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Accountability: The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products and may manage unclassified/classified DoD projects in excess of $3M annually.

Direction: The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions: The incumbent must use good judgment to solve customer and personnel problems and is required to envision, design, develop, pilot, and deliver new capabilities, products, and services. Candidate will also be required to accurately represent SEI/CERT and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities: The incumbent may have at least 2 direct reports as well as up to 15 secondary reports and will be required to provide performance management, career guidance, and take personnel corrective actions as required.

Position Summary: The Vulnerability Analysis Team, within the CERT Program’s CERT Coordination Center (CERT/CC), is a group of internet security experts that serve as a trusted and neutral coordination body, dedicated to remediating software vulnerabilities and providing practical guidance for customers, system administrators, security researchers, and the global internet security community to reduce the amount of time software systems are vulnerable.

The individual in this position must be self-motivated and will have the opportunity to serve as a strong contributor and technical leader in the analysis, coordination, and remediation of software vulnerabilities.

The intent is for this position to be primarily located in Pittsburgh, PA with occasional travel to the Washington D.C. area on a monthly basis.

Minimum Qualifications and Requirements:

Education: Bachelor of Science in Computer Science, Information Science, Information Management with three (3) years applicable experience as a system or network administrator, software developer, database administrator or similarly technical occupation; or Master of Science in Computer Science, Information Science or Information or equivalent with one year applicable experience. We will consider other educational backgrounds in a technical discipline with experience as described.

Experience: Candidates should have experience working with the government community; at least three years of experience in a Windows and Unix/Linux environment and be able to demonstrate substantial knowledge of at least four of the following:

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: Master of Science in Computer Science, Information Science or Information or equivalent with one year applicable experience; or Ph.D in Computer Science, Information Science or Information. We will consider other educational backgrounds in a technical discipline with experience as described.

Experience: Ideal candidates will have substantial experience in two or more of the following areas:

industrial/process control systems

web application development

computer and network architecture

reverse engineering

software development

computer and network architecture

network security and survivability issues, to include knowledge of and experience with information security concepts, information security best practices and bodies of knowledge, and computer security incident response management

Accountability: Develop and implement project technical results. Contribute to program objectives and plans development. Keep in confidence sensitive information such as security, vulnerability, and site-specific information.

Direction: Regular interaction with supervisor. Expected to act in accordance with SEI and CERT program procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions: Must accurately represent the program in interactions with customers, sponsors, and the public. Participate in conferences and workshops where security-related issues are discussed as required.

Supervisory Responsibilities: Contributes to hiring decisions of program staff; appraises performance of support staff.

Job Functions or Responsibilities:

40% Analyze vulnerability reports using tools, processes, and techniques designed to provide fact-based analysis to other stakeholders in the vulnerability disclosure process.

20% Research, specify, and develop new tools, processes and techniques to improve vulnerability analysis methodology and to support interaction with stakeholders.

Position Summary: The selected candidate will be responsible for developing prototypes and operational software to automate complex malware analysis tasks. The selected candidate will be an experienced developer that has extensive knowledge of web application frameworks such as Django and Ruby on Rails. The candidate will also be well versed in DevOps methodologies and have a strong desire to mentor junior developers.

MinimumQualifications and Requirements:

Education/Training: BS in computer science, software engineering, computer engineering, or a related quantitative field of study

Experience:

Eight (8) years of experience with web application/service development

Experience with Git and source code management concepts such as branching, pull requests, and merging

Familiarity with Unix/Linux

Experience mentoring junior developers

Skills/Abilities: Ability to work effectively within a small dynamic team, prioritize work, collaborate across groups, and solve problems without daily tasking from a supervisor. Must be a self-starter with a strong desire to learn new technologies, share knowledge, and automate manual tasks.

Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel up to 20% to customer sites.

Environmental Conditions: Close contact with computer for extended periods of time

Mental: Pay close attention to detail, meet inflexible deadlines, balance multiple tasks, remain calm during difficult situations, work under pressure, and work with frequent interruptions. Highly disciplined in terms of time-management and genuine positive attitude with a passion for the work and ability to project same to influence others.

Deal collaboratively, diplomatically, and successfully with partners, co-workers, and other professional colleagues, managers, and staff; develop and communicate innovative ideas; quickly learn new procedures, techniques, and approaches. Strong information organization skills as well as good oral and written communication skills are required.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in computer science, software engineering, computer engineering, or a related quantitative field of study

Experience:

Five (5) years of experience building software using a web application framework such as Django or Ruby on Rails

Direction: Employee will be expected to work under minimum supervision within the defined scope of authority and in accordance with departmental and university procedures and policies. Difficult or unique situations are referred to the supervisor. General supervision is provided by Technical Solutions and Special Projects Manager.

Decisions: The individual is expected to participate in the decision-making and problem-solving processes of operating, maintaining and implementing a multi-protocol multi-carrier prototype network environment.

Supervisory Responsibilities: Employee may task/supervise other employees in completion of specific tasks. Employee may be required to coach and mentor junior developers and/or direct activities of temporary staff or contractors.

Position Summary: The CERT Threat Analysis group aims to improve malware analysis capability while addressing active and emerging threats. The successful candidate will reverse engineer malicious code in support of high-impact customers, design and develop new analysis methods and tools, work to identify and address emerging and complex threats, and effectively participate in the broader security community.

Education/Training: Bachelor of Science in Computer Science, Software Engineering, Information Systems, or related field with eight (8) years of experience, or equivalent; Master’s Degree in Computer Science, Software Engineering, Information Systems, or related field with five (5) year of experience; PhD in Computer Science, Software Engineering, Information Systems, or related field with two (2) year of experience.

recognize and deal appropriately with confidential and sensitive information.

communicate effectively under normal and stressful situations.

handle shifting priorities.

mentoring/training skills.

interact effectively with technical and non-technical audiences both written and verbally.

work within a closely coordinated team.

work calmly and well under pressure.

maintain composure while dealing with difficult people.

Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.

Other: Candidate will be required to travel on overnight assignments. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Accountability: Develop and implement project technical results. Contribute to program objectives and plans development. Keep in confidence sensitive information such as security, vulnerability, and site information.

Direction: The individual is expected to act independently in accordance with Carnegie Mellon, Software Engineering Institute, CERT Program, and CERT Threat Analysis procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions: Must accurately represent the program in interactions with customers, sponsors, and the public. Participate in conferences and workshops where security-related issues are discussed as required.

Supervisory Responsibilities: This position has no supervisory responsibilities.

Position Summary: The CERT Division is part of the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Division engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the DoD, federal civilian agencies, private sector organizations and their networked information systems.

The individual in this position will work as a member of the Enterprise Threat and Vulnerability Management (ETVM) team, which focuses on assisting organizations in improving their insider threat mitigation and incident management practices and developing capabilities for preventing, detecting, deterring, and responding to evolving insider threats. ETVM team members are domain experts in insider threat and incident response, and team capabilities include threat analysis and modeling; development of security metrics and assessment and evaluation methodologies; and creation and delivery of controls, training, courses, and workshops.

The individual in this position will be a part of the Technical Solutions team within ETVM. The Technical Solutions Team is responsible for the creation, development, and management of novel cybersecurity solutions that support customer driven operational and research missions. The Technical Solutions Team interacts with US Government departments and agencies, industry representatives, contractors, academia and others to identify gaps in cybersecurity tools, techniques, and procedures; create prototype capabilities to fill the gaps, and transition the prototype solutions to customers and partner organizations. The team frequently communicates their work to the community by publishing technical reports and white papers, and presenting at conferences, symposia, and other working groups.

Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, information systems, or a related technical field with three (3) years of experience or equivalent, or MS in computer science, software engineering, information systems, or a related technical field with one (1) year of experience or equivalent.

strong oral and written communications skills (e.g., technical writing, user guide development, requirements analysis) and ability to interact effectively with technical and non-technical audiences, as well as present in front of small and large groups; participate in external customer and sponsor meetings.

ability to travel to various locations within the SEI and CMU community, customer sites, and offsite meetings with weekly/monthly frequency to travel on overnight and on-site assignments; ability to work in varied and diverse situations requiring analytical, interpretative, evaluative and constructive thinking;

manage workload and priorities on multiple scheduled assessments;

able to function independently or in teams depending on the project;

work under pressure; deal with stress;

deal with challenging individuals while maintaining composure;

ability to exercise tact and discretion when handling highly sensitive and confidential issues;

maintain confidentiality while working with highly confidential and sensitive matters.

ability to interpret and communicate information about government regulations and university policies.

quantitative and qualitative analytical skills.

ability to trouble shoot problems proactively and to answer questions and handle issues as they arise.

effective time management skills; and strong problem solving skills.

Environmental Conditions: close contact with computer monitor for extended periods of time.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in Computer Science with one (1) years applicable experience; Current Associate Certified Information System Security Profession (CISSP), IEEE Professional Software Engineering Master Certification, or similar certification is desired.

Experience:

experience with software development and/or system administration in large-scale, distributed computing environments.

experience developing materials for senior leadership in government or industry.

experience interfacing with the DOD, US federal civilian government, intelligence community, or law enforcement.

experience working in a classified environment.

Skills/Abilities:

data mining.

machine learning.

text and natural language processing.

proven skills working in a team environment on collaborative projects in US government, critical infrastructure sectors involving network, system or data security.

Accountability: The individual will be accountable for meeting established deadlines and project milestones. The individual will also be accountable for managing sensitive, and possibly classified, customer information.

Direction: The individual is expected to act in accordance with direct supervision from management and senior staff, as well as follow CMU, SEI, and CERT defined policies, practices, and procedures, and to adhere to any additional sponsor-specified requirements related to the projects involved.

Decisions:The individual must make sound decisions, and demonstrate a commitment to those decisions. The individual must also be able to escalate out-of-scope problems to more experienced team members. The individual must accurately represent the program in interactions with external customers, sponsors, and the public.

Supervisory Responsibilities: The individual may be responsible for managing student interns.

10% Contribute to conferences and meetings; participate in marketing calls and technical exchanges with clients; give talks and lectures as appropriate; participate on working groups for subjects of interest.

5% Provide assistance and input to other teams and projects within the SEI.

Position Summary: The CERT program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, PA. The CERT Threat Analysis group is an applied research and development group that provides strategic threat analysis, conducts quantitative studies of large-scale USG networks and builds prototype tools in support of operational sponsors. This group has diverse expertise to include security analysts, network engineers, malware analysts, statisticians, and developers in the Pittsburgh and Washington DC-area. The position of Threat Analyst is responsible for performing in-depth analysis of cyber threat data to include: identification of active security threats, development of new analytic methods, reverse engineering of malicious code, and documenting and transitioning results in reports, presentations, and technical exchanges.

Minimum Qualifications and Requirements:

Education/Training: MS/MA in Computer Science or scientific/technical field with 8 years experience. PhD in a technical field with 5 years experience.

Licenses: N/A

Experience:

Experience in analyzing cyber threat data.

Experience in development of analysis techniques.

Knowledge of static and dynamic code analysis techniques and tools, to include existing gap areas.

Experience publishing research and academic papers.

Skills/Abilities:

The ability to:

reverse engineer malicious code.

develop code in Python or Java.

communicate complex designs or plans to sponsors, project managers and technical staff in clear concise language tailored to the audience.

meet deadlines while working on multiple tasks often with shifting priorities.

deal collaboratively and successfully with customers, co-workers and other professional colleagues, managers, and staff.

Mobility: Primarily sedentary in an office setting with some mobility. Requires travel to various domestic locations within the SEI and CMU community to include the SEI Pittsburgh office; sponsor sites; conferences; and offsite meetings with routine frequency (2-3 trips a month)

Environmental Conditions: Normal office conditions; close contact with computer display for extended periods of time

Mental:

The ability to:

work meticulously with careful attention to detail.

meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities.

deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff.

grasp the big picture, direction, and goals of an effort.

develop and communicate innovative ideas.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS/MA in a scientific, technical, or business field with 10 years experience, or equivalent; PhD in a technical field with 6 years experience.

Experience:

Experience on an incident response; intelligence or security operations floor

Participation in broad public forums through activities such as standards, open source development, or publication

Experience working with the government, or within a critical infrastructure sector

Expertise in Cyber intelligence tradecraft

Knowledge of current challenges and threats faced by USG network security and intelligence organizations

Accountability: This position is accountable for ensuring that the Threat Analysis technical area delivers on the execution of the statement of work for a specific customer.

Direction: The individual in this position is expected to act autonomously using CMU, SEI, and NSS, defined policies, practices, and procedures. Additionally, this position will assist in setting Threat Analysis direction based on an understanding of customer needs.

Decisions: The individual in this position is expected to participate in the decision-making and problem solving process of designing, building and operating systems for network security; suggesting and implementing policies and procedures to support these activities; and creating prototyping implementations of tools and approaches for threat analysis.

Supervisory Responsibilities: This position has no supervisory responsibilities.

Position Summary: The CMU/SEI Forensic Operations and Investigations team is a leading edge analytical resource focusing on critical U.S. Government (USG) needs. For the past 10 years, CERT has provided analytical and operational support to high-profile investigations including numerous activities of national or international significance. Through this work the FOI can see the current limitations of digital analysis and incident response in the field first hand. Combining applied research with the unique talents, operational experience, research capabilities, and the vast knowledge base of Carnegie Mellon University, FOI is unmatched in its ability to develop new tools and methods to address cyber security limitations and critical gap areas.

This individual will serve in a multi-disciplinary role providing ongoing support to federal law enforcement, defense agencies, and the national intelligence community. As a member of the FOI team this candidate will provide support to on-going operations in the areas of incident response and investigation, full-spectrum digital forensics and applied research in emerging areas of cybercrime. At times, this position will require the team member to develop and deliver training modules related the aforementioned domains.

The successful candidate must have proven computer forensics experience in multi-jurisdiction criminal investigations, be self-directed, have a track record of creating interdisciplinary approaches to problem solving, and demonstrate exceptionally strong presentation and instructional skills. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

Minimum Qualifications and Requirements:

Education/Training: BS Computer Science, Information Security or other related discipline and a minimum of ten (10) years of related experience; or equivalent combination of training and experience.

Experience: At least four or more (4+) year’s relevant experience in computer forensics, to include field and laboratory collection/imaging, analysis, with prior court room testimony preferred. Technical experience required with host and network based forensics investigations and tools, analysis of Microsoft Windows, Unix/Linux and Mac OS operating systems, and removable media data recovery.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, have strong analytical and information organization skills, have excellent oral and written communication skills, and strong technical teaching skills. Candidate must be skilled in instructional design, course development, and evaluation techniques. Candidate must be able to multi-task and work effectively with multiple project teams and sponsors/customers. Technical proficiency with operating systems and detailed knowledge of network protocols are required.

Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with CRT for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.

Other: U.S. Citizenship is required. Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

Preferred Qualifications and Requirements:

Education/Training: BS in Computer Science, Information Security or other related discipline with a minimum of ten (10) years of applicable experience; MS in Computer Science, Information Security or other related discipline with a minimum of eight (8) years of applicable experience; PhD in Computer Science, Information Security or other related discipline with a minimum of five (5) years of applicable experience; or equivalent combination of training and experience.

Experience: Experience with state or federal law enforcement organization; operational knowledge of recently enacted state and federal laws and procedures relating to computer forensics investigations; coordination with criminal investigators, including courtroom testimony.

Skills/Abilities:

Penetration Testing

Information and network security including experience with IDS/IPS

Knowledge of common vulnerabilities, exploits and mitigations

Digital Forensics (host, network and mobile devices)

Incident Response

Ability to research and characterize security threats including defining appropriate countermeasures

Hardware or software reverse engineering for either vulnerability discovery/assessment or malware analysis

Position Summary: The Web Services Systems Administrator (WSSA) is part of the Web Services team within the Office of the Chief of Staff/Office of the Chief Information Officer (OCOS/OCIO). The WSSA is responsible for managing and implementing research and production Linux-based web services. The WSSA is responsible for the secure configuration, deployment and operation of Intranet and Internet-facing web services using various technologies including Java/J2EE, Apache/Tomcat, LAMP, commercial products (e.g. Atlassian Confluence, JIRA, Bamboo, and BitBucket Server), and search appliances.

Minimum Qualifications and Requirements:

Education/Training: BS or BA in Computer Science, Information Science, or Information Technology or an equivalent combination of training and experience.

Licenses: None

Experience: Three of more years of experience as a systems administrator in a high-availability production environment; at least 12 contiguous months of relevant experience served in the same organization evolving a specific infrastructure. Candidate must have experience in the secure deployment and on-going maintenance of Internet-facing web-based information systems. Experience in the deployment, testing, and secure management of web applications based on Apache, PHP, Java technologies (JSP, J2EE, servlets) and data sources (e.g. databases, XML). Candidates should also have experience in architecting and implementing multi-tier web services.

Skills/Abilities: A working understanding of web service protocols, superb script writing and maintenance (e.g., Python, Bourne shell, PERL, PHP, Ruby) skills. Ability to administer production LAMP (Linux, Apache, MySQL, PHP/Perl) and Java services in an enterprise environment. Working knowledge of one or more application languages (Java , PHP, and Perl). Candidate must understand the issues surrounding security of Intranet and Internet-facing systems in production environments and be able to discuss options in the context of a risk analysis for a deployment. Knowledge of Unix/Linux systems in the areas of security, performance tuning and troubleshooting is required for this position.

Ability to collaborate across functional teams to achieve desired objectives

Ability to interact effectively with SEI and external customers, especially in requirements elicitation

Work in a changing environment with a strong learning capability

Work successfully on multiple complex tasks in a team environment

Organize his/her work and meet deadlines

Strong verbal and written communication skills

Mobility: The qualified candidate must be able to work in a normal sedentary position with some mobility (e.g., going to other offices to investigate problems, attending meetings on campus or conferences). Occasional business travel required.

Environmental Conditions: Normal office setting.

Mental: The qualified candidate must be able to work well under pressure in a constantly changing environment, deal with stressful situations while maintaining composure, and prioritize the tasks associated with multiple groups in a team environment.

Other: Evening/weekend hours may be required in order to meet production deadlines or to handle maintenance windows outside normal business hours on an infrequent basis. There is a rotating on-call component to this position – average call volume is very light, about 3-5 calls/week. Candidate must be able to respond to outage events at the main facility in Pittsburgh, PA (Oakland) in a reasonable time (e.g. within ~30 minutes).

Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MA or MS in Computer Science, Information Science, or Information Technology or an equivalent combination of training and experience.

Licenses: None

Experience: Over 12 contiguous months of experience relevant to the minimum qualifications served in the same organization supporting the same network infrastructure. Experience managing a Microsoft-oriented web application stack (IIS, .NET, ASP,) in addition to the minimum LAMP/Java requirement. Experience managing a development stack (e.g., JIRA, Confluence, Bamboo, Bitbucket Server, HipChat) that supports a DevOps community. Extensive experience in designing deploying, securing, administering, and troubleshooting multiple redundant, complex, multi-tier web application systems. Knowledge of the Java and PHP languages to debug application issues and assist as necessary in the development and deployment of applications. Enterprise-level experience in the use and management of content-management systems and EDI systems as key applications in non-technical business units’ daily workflow. Experience with search applications/appliances and the content issues that impact search effectiveness.

Experience working with and/or managing third-party contractors working with internal staff on web applications.

Other: Existing DoD clearance.

Accountability: Employee is accountable for describing, implementing and/or maintaining an efficient, reliable and secure configuration of computing services in support of OCOS initiatives and/or a sponsor/client.

Direction: Employee will be expected to work under minimum supervision within the defined scope of authority and in accordance with Web Services guidelines.

Decisions: Under management direction, employee will decide the appropriate configuration for production computing services. Employee will determine how best to allocate and/or acquire resources necessary to implement and evolve information services.

Employee will determine the cause of computing problems and take corrective action in a timely fashion when a system/service fails or becomes unavailable.

Employee will describe the appropriate procedures to configure and maintain a particular computing system to support one or more critical business functions in a secure manner.

Position Summary: The Information System Security Manager is a hands-on information system security role within the Office of the CIO Information Assurance (IA) team of the Software Engineering Institute (SEI) that operates, monitors, and maintains accredited information systems. This is an opportunity for a cleared IA professional in the Arlington VA area with strong organization and communication skills and working experience with modern Windows system administration tools and operating techniques in a Windows-based accredited network. This position is responsible for facilitating and assuring that information systems in the Arlington VA office remain complaint with DoD and other USG regulations. The position works closely with SEI groups and outside sponsors to coordinate the certification and accreditation of accredited information systems.

Minimum Qualifications and Requirements:

Education/Training: Bachelor’s degree in Computer Science, Information Technology, or related field, or equivalent combination of training and experience. Current Microsoft server certifications; one or more of MCITP (Server & Client), MCSA, MCSE, etc.

Licenses: One or more of: CAP, CASP CE, Security+CE, SSCP, GSEC, CISM

Experience: Five or more (5+) years of system and network administration experience using modern system administration tools and operating techniques in an accredited production Microsoft Windows infrastructure. Prior experience as an ISSO / ISSM (IAO/IAM) in a small to medium-scale classified enclave. Experience as a system / network administrator for services under government cognizance (e.g., DISA, DSS); knowledge of the DOD STIGs and their application in establishing and operating information systems. Experience confirming audit records and STIG compliance for systems in an accredited Microsoft Windows infrastructure.

Skills/Abilities: Problem solving skills. Demonstrated knowledge of Windows operating system commands/utilities; demonstrated knowledge of system administration tools and processes such as those used to manage software, Group Policy Objects, and other aspects of Active Directory; demonstrated knowledge of server and network problem resolution based on examination of events/alerts and system monitors/logs.

Mental: Ability to identify, isolate and resolve systems problems. Communicate the nature of problems to different parties (e.g., system / network administrators, IA professionals, IT user support, etc.) to resolve technical issues, sometimes under pressure. Temperament and maturity to self-motivate and prioritize tasks with input from a remotely located manager.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance. Must meet and maintain DoD 8570-M readiness requirements within six (6) months of employment. Additional work hours (weekend and evening hours) may be required on an infrequent basis. May be required to stay at or return to work during incidents and/or emergencies to perform duties as requested.

Preferred Qualifications and Requirements:

Licenses: One or more of the following: Active CISSP (or Associate), GSLC, CISM.

Accountability: Ensures server(s) and client stations are operating efficiently and resolves issues. Verifies that accredited systems maintain their prescribed configuration and addresses/reports deviations from same immediately. Recommends and performs modifications to enhance server/service performance and reliability.

Regularly communicates with the ISSO and ISSM as well as IT engineering group leaders in Pittsburgh to convey operational status information relevant to the services in scope.

Responsible for proper handling (e.g., safe storage, proper marking, approved destruction) of document and media used in the operation and maintenance of classified systems.

Responsible for providing information relating to equipment and facility needs each fiscal planning session to aid in budgeting expenses related to the operation of accredited systems in “closed” areas.

Participates in the development or revision of IS-specific security safeguards and local operating procedures to satisfy certification requirements. Works with the ISSM and ISSO in Pittsburgh to align policies to DC operations.

Direction: Works under limited supervision from a remote manager as part of the OCIO IA team.

Expected to act independently to maintain and securely operate accredited systems with guidance from the lead ISSM, FSO, and OCIO senior management. Draws guidance from relevant operational security guidelines / manuals, turning to the lead ISSM for clarification when needed.

Most work is performed independently, or in concert with the lead ISSM and appropriate IT staff.

Decisions: Must be able to identify user and systems issues and resolve trivial issues independently. Information Security issues and complex operational problems are handled in concert with the ISSO, ISSM and appropriate IT or Security staff.

Regularly inspects accredited systems and may task other IT personnel in order to address infractions or post-audit POA&M issues.

Will assist in the training process for new staff and users of accredited systems.

Job Functions or Responsibilities:

20% Installs, maintains, configures and upgrades accredited servers, workstations and network devices in accordance with most current STIG documents. Assists users to resolve problems related to closed area systems and services.

15% Reviews server logs directly or with analysis tools to discern operational anomalies, including operational threats (e.g., resource contention/exhaustion) and security concerns; addresses and/or reports these to IA colleagues or IT as appropriate.

15% Reports on the operational status of accredited information systems based on reviews and scans to accrediting agencies, possibly through established channels such as ACAS, HBSS, etc. Reporting is coordinated with the IA team in the Pittsburgh office.

This position has multiple openings and can be located in Pittsburgh, PA or Arlington, VA.

Position Summary: As a member of CERT's Workforce Development program, the candidate will work with other team members in developing cyber-security training exercises and simulations, primarily for US military/government customers. This involves interacting directly with customers, gathering training requirements and objectives, producing and facilitating creative and engaging exercise scenarios, and building supporting physical and virtualized systems and network topologies. As such, the candidate will work regularly with a wide range of software and hardware technologies within CERT labs. The candidate may also assist in developing and teaching cyber security training content to external customers. The candidate will also be involved software and hardware prototype development. Additionally, the position requires the candidate to have demonstrated and effective leadership/management abilities as he/she may supervise and evaluate full time direct reports as well as the activities of graduate student assistants. The successful candidate must be self-directed, have an interdisciplinary approach to problem solving, and work well communicating technical information to technical and non-technical users. The candidate must also be able to interact with clients and staff of all levels in a highly professional and competent manner.

MinimumQualifications and Requirements:

Education/Training: Bachelor’s degree in Computer Science, Information Science, or related discipline with eight (8) years applicable working experience in information technology, Master’s degree in Computer Science, Information Science, or related discipline with five (5) years of applicable working experience in information technology, PhD Computer Science, Information Science, or related discipline with two (2) year of applicable working experience in information technology, or equivalent combination of training or experience.

Experience: Successful candidates must possess "hands-on" experience with Computer/Network Security and I.T. system and network administration. Additionally, he/she must have practical experience with Windows server and desktop platforms and Linux/Unix operating systems. The candidate must have experience in network design and troubleshooting and implementing standard networking protocols. Additionally, demonstrated practical experience working with common commercial and open-source cyber security tools is required. The candidate should have some experience teaching technical content to students, peers, and non-technical individuals and must enjoy doing so.

Skills/Abilities: Candidate must be able to prioritize workload and complete deliverables on time, have good technical problem-solving skills, strong analytical and information organization skills, excellent oral and written communication skills, and strong technical teaching skills. Candidate must be able to multitask and work effectively with multiple project teams and sponsors/customers. Experience with virtualization technologies, particularly VMWare ESX server is highly desired. Programming experience in C, C++, C#, Python, and Java is also highly desirable.

Physical Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel to customer sites.

Environmental Conditions: Close contact with computer for long periods of time.

Mental: Ability to pay close attention to detail, meet deadlines, work under pressure, and communicate effectively.

Other: U.S. Citizenship is required. Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.

Accountability: The incumbent is accountable for the definition, creation, and maintenance of final deliverables and products and may manage unclassified/classified DoD projects in excess of $3M annually.

Direction: The incumbent is expected to act independently using CMU and SEI defined policies, practices, and procedures.

Decisions: The incumbent must use good judgment to solve customer and personnel problems and is required to envision, design, develop, pilot, and deliver new capabilities, products, and services. Candidate will also be required to accurately represent SEI/CERT and its technical work in interactions with customers, sponsors, and the public.

Supervisory Responsibilities: The incumbent may have at least 2 direct reports as well as up to 15 secondary reports and will be required to provide performance management, career guidance, and take personnel corrective actions as required.

Position Summary: The CERT Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University with offices in Pittsburgh, Pennsylvania and Arlington, Virginia. The CERT Program engages in cutting-edge research, development, testing, and evaluation to improve the state of cybersecurity. As Cybersecurity Risk Management Technical Manager, you will lead a team of technical staff in developing and transitioning cybersecurity capabilities to both government and the private sector with a focus to benefit the US Department of Defense (DoD).

You have both a breadth and diversity of experience with applied research, technology, information assurance, risk management, and technology lifecycle in DoD/Government domains. You are considered an expert source in risk management for your team, and you continue to acquire and expand your knowledge. You enjoy spending time with customers and practitioners to understand their problems and find innovative solutions.

You know how to lead teams (both co-located and geographically dispersed) of senior level engineers and complex projects – to supervise and review their work products, to guide their career paths, and to ease administrative burdens so that they can achieve jointly-developed technical goals. You know how to identify and propose new business development opportunities. You know how to manage a diverse portfolio of work products and customers. You also bring advanced problem-solving and consulting skills in your role as a conduit and representative of the SEI with the community. You enjoy presenting to groups, publishing written works, and teaching/training others, and as a member of the Carnegie Mellon University community, you will have the opportunity to work with world-renowned faculty members and experts in cybersecurity.

As a member of our management team, you work with your Director and other Technical Managers to develop a Directorate-wide strategy, then you roll up your sleeves to develop and execute an implementation plan for your team to meet these goals, thereby assessing and improving the cybersecurity posture of the DoD, US Federal Government, Critical Infrastructure, and Industry.

Minimum Qualifications and Requirements:

Education/Training: BS in computer science, software engineering, information systems, or a related scientific/technical field with ten (10) years’ experience or equivalent combination of training and experience.

Experience: Familiarity with process improvement models that contain the essential elements of effective management, development, and acquisition processes for one or more disciplines (e.g. the SEI’s CMMI) and experience transitioning these models into organizational practice; three or more years of leadership experience with responsibility for project and budget management.

Skills/Abilities:

Consulting skills and experience.

Demonstrated ability to develop and deliver training courses.

Project management experience.

Leadership and mentoring skills.

Strong knowledge of cybersecurity standards and related bodies of practice.

Experience with DoD customers.

Background in process improvement and capability measurement.

Ability to collaborate with other team members to accomplish organizational goals.

Critical-thinking skills.

Excellent written and verbal communications skills.

Physical/Mobility: Primarily sedentary in an office setting with some mobility. Ability to travel frequently to various locations within the SEI and CMU community, customer sites, conferences, and offsite meetings.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Strong interest in the human, managerial, and technical aspects of cyber security is critical for this position as are these abilities: take or share leadership role in technical projects; work meticulously with careful attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to understand the big picture, direction, and goals of an effort; ability to develop and communicate innovative ideas; ability to demonstrate initiative and to quickly learn new procedures, techniques, approaches, etc.

Accountability: The individual will implement and participate in the planning and execution of projects leading to technical products and results. The individual will also contribute to project, department, and program objectives and planning document development. The individual will keep in confidence sensitive information such as customer processes, risks, vulnerabilities, and internal work products, whether for eventual public or private distribution.

Direction: The individual is expected to act independently using CMU, SEI, and CERT defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers, sponsors, and the public. The individual is expected to perform analysis on-site at customer locations and immediately assess potential vulnerabilities requiring further investigation.

Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, resident affiliates, visiting scientists, and independent contractors. Depending on research project or customer work plan, position may involve task leadership.

Other: Must have a strong interest in cyber security and critical infrastructure protection, applied research, and development. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in computer science, software engineering, information systems, or a related scientific/technical field with eight (8) years’ experience; PhD in computer science, software engineering, information systems, or a related scientific/technical field with five (5) years’ experience, or equivalent combination of training and experience.

Licenses: CISSP, CISM, GIAC, or similar; certifications from the audit discipline (such as CISA) are also acceptable.

Skills/Abilities: In addition to the minimum skills/abilities above, preferred skills/abilities include: demonstrated ability to develop and deliver coursework and training.

Job Functions or Responsibilities:

30% Manages team to effectively implement and accomplish the SEI Program Plan, the CERT Division strategic plan, and the directorate strategic plan. Sets goals and objectives and manages operational and functional business activities. Develops, implements and tracks short and long term operational plans (financial, staffing, infrastructure, project).

30% Provides guidance to and monitors the success of team/technical leads in meeting strategic and operational goals. Assesses performance of direct reports and makes salary recommendations for all staff within areas of responsibility. Provides oversight of team/technical leads and their supervisory responsibilities of technical staff. Conducts performance reviews. Responsible for recruitment, hiring, development and retention of all technical and support staff for the CRM team.

20% Sets technical direction for team. Leads strategic planning process and contributes to the development of the CRR, CERT, and SEI strategic and program plans. Ensures annual update of plan; reviews feasibility of plan, identifies risks and defines risk mitigation strategy. Articulates vision for internal and external audiences.

10% Identifies opportunities for new technical projects and manages start-up of new, high-priority technical areas of work. Works with Technical Director and business management personnel to develop and implement a funding and transition plan for new work areas.

Position Summary: The CERT Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. CERT engages in cutting-edge research and development in computer security. The CERT Security Automation Directorate helps large network operators and security organizations in the USG distill actionable insights from networks through strategic analysis, tool building, and systems development.

As a member of the Deployment Team, the selected candidate will be responsible for developing, deploying, and evolving a network security test bed used for prototyping and systems analysis. The selected candidate must be capable of administering commodity systems as well as operating specialized networking equipment and hardware. As required, the candidate will support operational users and developers by using the test bed to verify engineering scenarios, create and test data-sets, and improve infrastructure automation.

MinimumQualifications and Requirements:

Education/Training: BS in computer science, software engineering, computer engineering, or a related quantitative field of study with eight (8) years of applicable experience.

Experience: Applicable experience in the design and implementation of complex testing and networking, including experience in:

Ability to attend customer meetings and respond to customer requirements.

Mobility: Sedentary in an office setting with some mobility, i.e., able to travel to various locations within the SEI and CMU community as well as travel up to 20% to customer sites.

Environmental Conditions: Close contact with computer for extended periods of time.

Mental: Ability to work meticulously with careful attention to detail; ability to meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; ability to deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; ability to quickly learn new procedures, techniques, approaches, etc.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in computer science, software engineering, computer engineering, or a related quantitative field of study with five (5) years of applicable experience.

Experience:

Experience working in production computing environment.

Experience designing, operating, and maintaining environments that include Unix/Linux, Windows, virtualization, and network systems and hardware.

Other products and customer deliverables including material for technical presentations and reports to customers, training material, and technical documentation.

Direction: The individual is expected to act independently using CMU, SEI, and NSS defined policies, practices, and procedures – within the scope of assigned work.

Decisions: The individual is expected to participate in the decision-making and problem-solving processes of operating, maintaining and implementing a multi-protocol multi-carrier prototype network environment.

Supervisory Responsibilities: This position does not formally supervise others. However, the individual may act in a technical leadership (non-supervisory) role in regard to specific work products and activities, or in regard to student interns, etc.

Job Functions or Responsibilities:

45% Manage the hardware and software of a prototype network security test-bed to include all appropriate system administration tasks and processes; provision for new requirements and growth.

30% Define and execute tests in the network security test-bed on behalf of internal and external users.

20% Build appropriate scenarios, profiles, and data-sets in support of internal and external users using the network security test-bed.

Position Summary: The CERT Program is a world-class program within the SEI, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program engages in cutting-edge research and development and develops and transitions disciplined approaches to improve the survivability and resiliency of the US Department of Defense, US Intelligence Community, federal civilian agencies, private sector organizations and their networked information systems. CERT supports government customers by developing and transitioning cutting-edge analysis techniques and tools, providing strategic advisement, and supporting tactical operations.

CERT is seeking a dynamic Security Operations Technical Manager (TM) who will lead, shape and manage the growth of a cutting edge security operations program. This candidate will be able to reason about complex problems, be an innovator, and a leader.

This candidate must be able to develop and execute a technical agenda and strategic roadmap to continually improve the state of the art and practice of Security Operations and Incident Management/Response. The TM will need to be able to communicate this technical vision and be capable of building consensus within the team and to maintain a successful culture built on high-quality and impactful customer work.

This approximately 20-person Security Operations team works from the SEI’s Pittsburgh and Arlington offices, and is embedded at USG facilities in the Washington DC-Baltimore area. The position of technical manager is responsible for all aspects of developing and executing the body of work to include setting the technical direction; managing financials; business development; and personnel issues.

This role reports to the Director of Monitoring and Response, a directorate in the CERT Division.

Minimum Qualifications and Requirements:

Education/Training: BS in a Computer Science or related scientific/technical field with ten (10) years’ experience, or equivalent combination of training and experience.

Experience: Experience listed above should include:

Work in cyber security or intelligence operations;

Prior responsibility managing a team comprising a total of at least 10 individuals with commensurate personnel and financial authority.

These individuals should have had cyber operations roles.

Skills/Abilities: Working knowledge of:

Current security challenges and threats faced by a subset of the following audiences: USG intelligence, defense, law enforcement, civilian departments, and critical infrastructure.

USG mission’s areas/owners in cyber security.

Community best practices in cyber operations and associated tools/techniques.

Physical Mobility: Primarily sedentary in an office setting with some mobility. Requires travel to various domestic locations within the SEI and CMU community to include the SEI Arlington/Pittsburgh office; sponsor sites; conferences; and offsite meetings with routine frequency (up to one 2 day trip every week).

Mental: The ability to: work meticulously with careful attention to detail; meet deadlines while working on multiple tasks – sometimes under pressure and with shifting priorities; deal collaboratively, diplomatically, and successfully with customers, co-workers and other professional colleagues, managers, and staff; ability to grasp the big picture, direction, and goals of an effort; develop and communicate innovative ideas; and excellent oral and written communication skills.

Other: Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Preferred Qualifications and Requirements:

Education/Training: MS in a related technical field with ten (10) years of experience, or equivalent combination of training and experience.

Experience: Experience listed above should include:

Working for or supporting the USG.

Supporting multiple sponsors/customers.

Supporting customers in an operational security environment such as incident response, intelligence, or a security operations center.

Supporting elements of the critical infrastructure sectors or international NCSIRTs.

Leading community building activities in the critical infrastructure, NCSIRT, or USG space.

Establishing and defining processes for operational security organizations, and codifying best practices from community and operational experience.

Leading workforce/capacity building projects.

Prior responsibility in managing a team of 15-20 individuals with commensurate personnel and financial authority.

Participation in public and closed community security forums through activities such as publication, presentation, collaborative security operations, and collaborative research.

Working knowledge of secure systems and network architecture practices.

Accountability: This position is accountable for the specification and execution of all any Incident Analysis technical area work plans and a subset of the SEI operational plan.

Direction: The individual in this position is expected to act autonomously using CMU, SEI, and CERT, defined policies, practices, and procedures. Additionally, this position will define those set for their technical area and influence those set for CERT.

Decisions: The individual in this position is expected to make strategic choices about the direction of the technical area that will be distilled into a technical agenda funded by a defined set of existing or new customers and implemented by a team hired to support the specifics tasking.

Supervisory Responsibilities: This position has ultimate supervisory responsibility over all staff in the technical area to include hiring, performance reviews, salary adjustments, task assignment, and setting the tone and culture of the group.

Job Functions or Responsibilities:

30% Manages group to effectively implement the SEI and task order work plans. Sets goals and objectives and manages operational and functional business activities. Develops, implements and tracks short and long term operational plans (financial, staffing, infrastructure, project).

30% Provides guidance to and monitors the success of team leads in meeting strategic and operational goals. Assesses performance of direct reports and makes salary recommendations for all staff within areas of responsibility. Provides oversight of team leads and their supervisory responsibilities of technical staff and conducting performance reviews. Responsible for recruitment, hiring, development and retention of all technical and support staff.

10% Identifies opportunities for new technical projects and manages start-up of new, high-priority technical programs of work. Works with Technical Director of Response and Monitoring to develop and implement a funding and transition plan for new work areas.

Founded in 1946, Boyden is the oldest and one of the largest privately owned search firms in the world, with more than 65 offices in over 40 countries. In the world of executive search, Boyden is distinguished by the expertise of our consultants, the resources of our global firm, our commitment to our clients, and our culture of professionalism and integrity. For further information about Boyden, visit www.boyden.com.

Background

Our client, the Carnegie Mellon University Software Engineering Institute (SEI), is seeking a highly experienced, dynamic and visionary leader to fill the position of Managing Director, CERT Division. The position is located in Pittsburgh, PA and is open due to a planned retirement in September.

For over three decades, the Software Engineering Institute has been helping government and industry organizations to acquire, develop, operate, and sustain software systems that are innovative, affordable, enduring, and trustworthy. SEI serves the nation as a not-for- profit, Federally Funded Research and Development Center (FFRDC), specifically established by the U.S. Department of Defense (DoD) to focus on software and cybersecurity. SEI is based at Carnegie Mellon University, a global research university annually rated among the best for its programs in computer science and engineering.

As an FFRDC, the SEI fills voids where in-house and private sector research and development centers are unable to meet DoD core technology needs. For government and industry, the SEI is an objective, unbiased, honest broker that maintains a critical mass of top-caliber software and cyber professionals; provides a central repository for information about software engineering and cybersecurity; develops and maintains core competence in areas critical to the DoD; and serves as an intellectual crossroads and catalyst for change.

SEI is composed of three business units:

Software Solutions Division

Emerging Technology Center

CERT Division

The CERT Division (CERT) is a national asset in the field of cybersecurity that is recognized as a trusted, authoritative organization dedicated to improving the security and resilience of computer systems and networks. CERT regularly partners with government, industry, law enforcement, and academia to develop advanced methods and technologies to counter large-scale, sophisticated cyber threats. CERT is a leader in:

Network Analysis

Analyzing cyber vulnerabilities in the critical infrastructure

Performing research to address insider threats

CERT has approximately 260 employees and represents $88.4 million of funding out of SEI’s total FY $137.2 million. FY 2016 projections are $97.2 million for CERT and $144.5 million for all of SEI. Because CERT is located within the SEI, the majority of its work contributes to government and national security efforts. CERT collaborates with high level government organizations such as the Department of Defense; Department of Homeland Security (DHS); law enforcement, including the FBI; the Intelligence Community; and many industry organizations. CERT also collaborates with non-Federal organizations to resolve software vulnerabilities.

For more information on SEI, please visit the SEI web site at www.sei.cmu.edu and for CERT, www.cert.org

Position

The Managing Director of the CERT Division reports to the Director & CEO of the SEI and is a member of the SEI’s Executive Leadership Team (ELT). CERT is the largest division bringing in nearly $100 million in funding to the SEI. This position is directly responsible for approximately 250 to 300 employees.

In addition to her/his duties and responsibilities as Managing Director, the selected individual is also expected to participate on research and science advisory boards, such as external advisory boards for other labs, science advisory boards, and/or programs conducted by the National Academies of Science and Engineering.

Key Responsibilities

The Managing Director’s primary responsibilities are to develop and implement the strategic plan and maintain oversight of the entire division including day-to-day management – direction of the research, development, and delivery of the products and technologies; and develop and manage work plans with SEI customers and collaborators.

Additional key responsibilities of the Managing Director include:

Developing, implementing and overseeing the strategy, direction, and management of SEI’s activities in the area of cybersecurity

Providing leadership, both horizontally and vertically across the SEI

Developing near- and long-term strategies and financial goals; within first 100 days develop a 2-year CERT strategic plan that aligns with the SEI Directors Office initiatives

Managing the DoD STE allocation of CERT

Leading the business development efforts relative to DoD, other Federal and Commercial clients to ensure aggressive long term growth in revenues and margins

Leading the strategic planning for and providing leadership and guidance to the business development efforts throughout the division; establish revenue goals, KPIs, and oversight in the identification and closure of opportunities for expanding existing relationships and for new business including:

Acquiring additional DoD business in the area of cybersecurity

Developing the intelligence business which will supplement CERT funding, but is not limited by STE ceiling

Nurturing existing client relationships and funded programs of work

Developing new clients in the non-DoD sector (other Federal clients and Commercial organizations)

Establish strategic alliances and joint ventures that will accrete to SEI’s growth across all business units

Building strategic Senior Leadership relationships with other organizations within the DoD

Working with the SEI Director’s Office and Chief Strategy Officer’s Office to establish and achieve an annual set of strategic goals in the areas of Technical, Research, Workforce, Customer, Revenue, and Mission

The ideal candidate must have a minimum of fifteen (15) years of progressively increasing technical responsibilities managing research projects in a University, the Department of Defense, or in a software intensive systems environment at the classified level. He/she must have demonstrated experience in leading business development activities that result in substantial growth of revenues over time.

The ideal candidate must have experience in building and managing high technology teams and have the knowledge of DoD/IC computer science, cybersecurity, IT Architecture, or software technology. An M.S. degree in a technical field is required and an advanced business degree is desirable. Candidates must have a DoD Top Secret security clearance or the ability to obtain one.

The candidate must be able to demonstrate successful experience in managing a portfolio of large, complex, research projects that proved strategic in nature and the content of which have focused on information technology, software reliant systems, cybersecurity, and technology while also reflecting growth in revenue and assurance of compliance with policies/regulations. He/she should have experience with budget management responsibilities including monitoring financial information and performance against goals. Management experience within a university, government, military, and/or Fortune 500 technology-based organization is preferred. Candidates must be able to travel domestically and internationally up to 50% of the time.

Additionally, the candidate must possess/be:

A strategic thinker and capable of thinking outside-the-box

Experienced in financial management and personnel mentoring and oversight

Track record of accomplishments in leading the research and transition agenda for a technology-based organization

Experience in developing plans and managing projects (budget and schedules) in an integrated team environment

Demonstrated understanding of the current and future government cybersecurity needs

Understanding of how to commercialize DoD cyber technology and sell and market to the commercial community

Ability to collaborate internally and partner effectively with all levels of the organization

Demonstrated ability in leading and managing senior level researchers and engineers

Strong influencing, consensus building and engagement skills

Ability to collaborate and negotiate agreements with senior managers and officials both internally and externally

Confident but have one’s ego in control and have a healthy sense of humor

Compensation and Benefits

This is an outstanding career opportunity for an individual interested in a genuine professional challenge. With this position comes a very competitive compensation and benefits program.

HOW TO APPLY

The Officer-in-Charge of this engagement is Tim McNamara, Managing Partner. Linda Kearschner, Principal, is leading the recruiting effort for the project. Interested parties should submit, in electronic format, a resume with salary history and a cover letter outlining reasons for interest in this opportunity to lkearschner@boyden.com, or may call our toll free number at 1.877.2.BOYDEN (226-9336) or 1.202.536.5168 for additional information.

Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran

Within the group, the Data Integration Analyst manages the technical aspects of operationalizing the tools and techniques of the directorate. This operational capability accelerates the discovery and transition of actionable data to the analysis community. The team is responsible for the collection, storage, and aggregation of data sources. They additionally work in concert with analysis to streamline automated analysis.

Minimum Qualifications and Requirements:

Education/Training: BS in a scientific or technical field with three (3) years experience; MS in a scientific or technical field with one (1) year experience.

Experience: Experience listed above should include some work in operational security or incident response; software development or analysis. Experience in an operational environment and systems deployment.

Mobility: Primarily sedentary in an office setting with some mobility. Requires travel to various domestic locations within the SEI and CMU community to include the SEI DC office; sponsor sites; conferences; and offsite meetings with routine frequency (2-3 trips a month).

Accountability: The individual is accountable for the definition, creation, operations of data inject and archival and analysis systems.

Direction: The individual in this position is expected to act autonomously using CMU and SEI defined policies, practices, and procedures. Additionally, this position will define those set for TA and influence those set for CERT.

Decisions: The individual must make sound technical decisions with little supervision. The individual must accurately represent the program in interactions with customers and sponsors.

Supervisory Responsibilities: This position could involve the training and oversight of the work of other staff members, graduate students, and independent contractors.

Job Functions or Responsibilities:

30% Manages the data integration platform to including hardware and software assets.

35% Provides mentoring to and monitors the success of team members in meeting operational goals.

35% Evaluates and selects technology to support the analytic mission of the directorate.

Position Summary: The CERT Threat Analysis group aims to improve malware analysis capability while addressing active and emerging threats. The successful candidate will reverse engineer malicious code in support of high-impact customers, design and develop new analysis methods and tools, work to identify and address emerging and complex threats, and effectively participate in the broader security community.

Education/Training: Bachelor of Science in Computer Science, Software Engineering, Information Systems, or related field with three (3) years of experience, or equivalent; Master’s Degree in Computer Science, Software Engineering, Information Systems, or related field with one (1) year of experience.

recognize and deal appropriately with confidential and sensitive information.

communicate effectively under normal and stressful situations.

handle shifting priorities.

mentoring/training skills.

interact effectively with technical and non-technical audiences both written and verbally.

work within a closely coordinated team.

work calmly and well under pressure.

maintain composure while dealing with difficult people.

Mobility: Primarily sedentary, long periods of sitting; ability to travel to various locations within the SEI and Carnegie Mellon community, customer sites, conferences, and offsite meetings with some frequency.

Mental: Ability to work under pressure and changing priorities; pay attention to detail; meet inflexible deadlines; deal with difficult individuals while maintaining composure.

Other: Candidate will be required to travel on overnight assignments. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.

Accountability: Develop and implement project technical results. Contribute to program objectives and plans development. Keep in confidence sensitive information such as security, vulnerability, and site information.

Direction: The individual is expected to act independently in accordance with Carnegie Mellon, Software Engineering Institute, CERT Program, and CERT Threat Analysis procedures and policies, such as those involving product development, team interaction, and confidentiality.

Decisions: Must accurately represent the program in interactions with customers, sponsors, and the public. Participate in conferences and workshops where security-related issues are discussed as required.

Supervisory Responsibilities: This position has no supervisory responsibilities.

Position Summary: The CERT program of the Software Engineering Institute is looking to fill a leadership position improving the cyber security of acquisitions in the Air Force. This high visibility, high impact position will be responsible for helping senior leaders of Air Force programs improve the cyber resiliency of software intensive systems throughout the acquisition lifecycle, from requirements to development to deployment and sustainment.

This Senior Member of the Cyber Security Foundations directorate will be responsible for leading cross functional teams that enable the organizations within the Air Force to enhance the predictable performance and mission assurance in the acquisition, evolution and operations of software-reliant systems. Key activities include understanding customer requirements and key challenge problems and addressing them with tailored solutions; applying, adapting, integrating, verifying and transitioning applicable research and practices to maximize impact; creating, applying and codifying new approaches to support customer needs and advance the software security state of the practice; and maintaining situational awareness in technical and DoD domains. The candidate will coordinate closely with technical staff in CERT and other SEI programs to deliver cyber security technical expertise to customers throughout the life-cycle.

Minimum Qualifications and Requirements:

Education/Training: BS or equivalent degree in relevant discipline with ten (10) years applicable experience; MS or equivalent degree in relevant discipline with eight (8) years applicable experience; PhD or equivalent degree in relevant discipline with five (5) years applicable experience, or equivalent combination of training and experience.

Experience: The candidate must have experience in software engineering, development or management, and/or systems engineering. Must be knowledgeable of the software engineering and system engineering disciplines as well as understanding the DoD acquisition processes and relevant cyber security processes, such as the Risk Management Framework (RMF). The candidate should have experience building, leading, managing and participating on cross-functional, high technology teams, should be able to operate effectively with all organizations within the software and acquisition communities and be able to interact diplomatically with partners, customers and sponsors.

Skills/Abilities: Detailed knowledge of cyber security and mission assurance in the acquisition process; detailed knowledge of at least one core competency: requirements, architecture and design, program and acquisition management, performance improvement, or assurance. Experience in five or more of the following: DoD software systems acquisition on major programs (For the purposes of this announcement, our definition of major is at least 100K SLOC of custom developed code, and/or significant integration of COTS/GOTS products); solid technical breadth and understanding of all aspects of the end-to-end software lifecycle (e.g., requirements, design, implementation, testing, etc.); alternative life cycles (e.g. waterfall, agile); major DoD software acquisition policies and directives; enterprise architecture ; software architecture development and evaluation, software architecture patterns (e.g. SOA) and concepts (e.g. Cloud computing); information Assurance/survivability; systems engineering on software intensive systems; COTS product integration; performance measurement including definition and application of goals, measurements and metric; system of systems engineering; requirements development and management; software integration and test and software/hardware integration; deployment of software intensive systems, especially including transition from legacy systems; cost estimation.

Strong written and verbal communications skills and the ability to present to high visibility stakeholders internal and external to the organization. Proven program and project management skills including: interfacing with clients, developing proposals, and establishing relationships with new DoD and/or government clients and programmatic and project management skills (e.g., ability to develop project plans, track deliverables, manage risks, perform staff planning, provide budget oversight). Ability to lead and participate in multidisciplinary teams.

Accountability: The member will be directly accountable for understanding DoD acquisition and cyber security needs, applying new technologies, and establishing delivery capabilities to meet the needs of the sponsoring organization and the acquisition community.

Direction: As a technical staff member, he/she will be expected to operate with minimum supervision using CMU and SEI defined practice, policies and procedures, in concert with the SEI mission.

Decisions: Will be required to work with government program offices to identify strengths and weaknesses within the acquisition program and their contractor base and build solutions to address the weaknesses and recognize and encourage the strengths.

Supervisory Responsibilities: Must be able to lead and supervise others.

Job Functions or Responsibility:

65% Participate as a leader or member of technical teams in support of government acquisition program offices or participate as a member of a technical team performing research. Identify and support the implementation strategies for the capture and application of learning and knowledge transfer from assignments (e.g. dissemination of research results, case studies, guides, reports, presentations, articles, workshops, courses, and blog entries).

20% Work with managers, business developers, current customers, and prospective customers to identify and define value-delivering opportunities and capture work.

10% Other duties as assigned by management.

5% Serve in an advisory capacity to other SEI technical programs on acquisition or technical issues.

Apply for Positions

Search for Positions

Accessibility Needs for Applicants, Students and Visitors

Carnegie Mellon University makes every effort to provide physical and programmatic access individuals with disabilities. If you require an accommodation to participate in any part of the employment process, please contact Disability Resources by emailing access@andrew.cmu.edu or calling 412-268-3930.

Carnegie Mellon University considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, or any other legally protected status.